This listing of claims will replace all prior versions, and listings, of claims in the application: 



1. (previously presented) A method for performing network address translation on 
data, the method comprising: 

receiving a first data having a first source address and a first destination 
address, wherein the first data is sent by a first node in a first domain to a second 
node in a second domain, and wherein the first data is received into a first 
interface associated with the first domain and output from a second interface 
associated with the second domain, and wherein the first domain differs from the 
second domain; 

obtaining routing information for the first data; 

if the first source address is a private address and if a binding between the 
first source address, the first interface, and a first public address is found, 
translating the first source address into the first public address specified by the 
found binding prior to sending the first data to the second domain destination; 

if the first source address is a private address and if a binding between the 
first source address, the first interface, and a first public address is not found, 
translating the first source address into a selected public address and forming and 
storing a first binding between the first source address, the selected public address, 
and the first interface, wherein the translation is performed prior to sending the 
first data to the second domain destination; 

if a destination binding between the first destination address, a first private 
address, and the second interface is found, translating the first destination address 
into the first private address specified by the destination binding, wherein the 
translation of the first destination address is performed prior to sending the first 
data out the second interface to the second node; and 



sending the first data to the second node based on the routing information. 

2. (Previously presented) A method as recited in claim 1, further comprising: 

receiving a second data having a second source address and a second 
destination address, wherein the second data is sent by a third node in a third 
domain to a fourth node in a fourth domain, and wherein the first data is received 
into a third interface associated with the third domain and output from a fourth 
interface associated with the fourth domain, and wherein the third domain differs 
from the first domain but the second source address is the same as the first source 
address; 

obtaining routing information for the second data; 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is 
found, translating the second source address into the second public address 
specified by the found binding prior to sending the second data from the fourth 
domain interface; 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is not 
found, translating the second source address into a selected public address and 
forming and storing a second binding between the second source address, the 
selected public address, and the third interface, wherein the translation is 
performed prior to sending the second data from the fourth interface; 

if a second destination binding between the second destination address, a 
second private address, and the fourth interface is found, translating the second 
destination address into the second private address specified by the second 
destination binding, wherein the translation of the second destination address is 
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performed prior to sending the second data out the fourth interface to the fourth 
node; and 

sending the second data to the fourth node based on the routing 
information. 

3. (original) A method as recited in claim 1, wherein the first public address is 
selected from a pool of available public addresses. 

4. (previously presented) A method as recited in claim 1, wherein when the first data 
has a DNS payload, the method further comprises: 

translating the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second node; and 

forming a second binding between the DNS payload address, the second public 
address, and the first interface. 

5. (cancelled) 

6. (previously presented) A method as recited in claim 1 , wherein the first data is a 
DNS request, the method further comprising: 

receiving a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in the second domain to the first 
node in the first domain, and wherein the second data is a DNS reply received into 
a the second interface and output from the first interface; 

obtaining routing information for the second data; 

translating the DNS payload address into a second public address and 
forming a second binding between the DNS payload address, the second public 
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address, and the second interface, wherein the translation is performed prior to 
sending the second data out the first interface to the first node; and 

sending the second data to the first node based on the routing information 
obtained for the second data. 

7. (original) A method as recited in claim 6, wherein the first binding between 
the first source address, the first public address, and the first interface is formed by creating a 
first entry in a first table that includes a first identifier for both the first public address and the 
first destination address, a destination pointer that references information on how to translate a 
destination address of a first subsequently received data from the first public address to the first 
source address, and a source pointer that references a null value. 

8. (original) A method as recited in claim 7, wherein the source pointer 
referencing a null value indicates that the source address of the first subsequently received data 
does not require translation. 

9. (original) A method as recited in claim 8, the method further comprising 
modifying the first binding, wherein the first binding is modified and the second binding is 
formed by: 

creating a second entry in the first table that includes a second identifier for both 
the first source address and the second public address, a destination pointer that references 
information on how to translate a destination address of a second subsequently received data 
from the second public address into the DNS payload address, and a source pointer that 
references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table that includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
information on how to translate a destination address of a third subsequently received data from 
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the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 

10. (original) A method as recited in claim 9, wherein the destination and source 
pointers each reference a pair having a private address of a particular interface and a 
corresponding public address, wherein the pair provide pre-translation and post- translation 
addresses for a particular source or destination address. 

11. (original) A method as recited in claim 1, further comprising tracking which 
interfaces may communicate with which other interfaces. 

12. (original) A method as recited in claim 11, wherein tracking is accomplished 
by setting up or dismantling one or more groups that each define which interfaces may 
communicate with each other. 

13. (original) A method as recited in claim 12, the method further comprising 
selecting a pool of public addresses for each group. 

14. (previously presented) A network address translation (NAT) system operable to 
perform network address translation on data, the NAT system comprising: 

one or more processors; 

one or more memory, wherein at least one of the processors and memory 

are adapted to: 

receive a first data having a first source address and a first destination 
address, wherein the first data is sent by a first node in a first domain to a second 
node in a second domain, and wherein the first data is received into a first 
interface associated with the first domain and output from a second interface 
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associated with the second domain, and wherein the first domain differs from the 
second domain; 

obtain routing information for the first data; 

if the first source address is a private address and if a binding between the 
first source address, the first interface, and a first public address is found, translate 
the first source address into the first public address specified by the found binding 
prior to sending the first data to the second domain destination; 

if the first source address is a private address and if a binding between the 
first source address, the first interface, and a first public address is not found, 
translate the first source address into a selected public address and form and store 
a first binding between the first source address, the selected public address, and 
the first interface, wherein the translation is performed prior to sending the first 
data to the second domain destination; 

if a destination binding between the first destination address, a first private 
address, and the second interface is found, translate the first destination address 
into the first private address specified by the destination binding, wherein the 
translation of the first destination address is performed prior to sending the first 
data out the second interface to the second node; and 

send the first data to the second node based on the routing information. 

15. (previously presented) A NAT system as recited in claim 14, wherein when the 
first data has a DNS payload, one or more memory, wherein at least one of the processors and 
memory are further adapted to: 

translate the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second node; and 
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form a second binding between the DNS payload address, the second public 
address, and the first interface. 

16. (cancelled) 

17. (previously presented) A NAT system as recited in claim 14, wherein the first data 
is a DNS request, wherein at least one of the processors and memory are further adapted to: 

receive a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in the second domain to the first 
node in the first domain, and wherein the second data is a DNS reply received into 
a the second interface and output from the first interface; 

obtain routing information for the second data; 

translate the DNS payload address into a second public address and 
forming a second binding between the DNS payload address, the second public 
address, and the second interface, wherein the translation is performed prior to 
sending the second data out the first interface to the first node; and 

send the second data to the first node based on the routing information 
obtained for the second data. 

18. (original) A NAT system as recited in claim 17, wherein the first binding 
between the first source address, the first public address, and the first interface is formed by 
creating a first entry in a first table that includes a first identifier for both the first public address 
and the first destination address, a destination pointer that references information on how to 
translate a destination address of a first subsequently received data from the first public address 
to the first source address, and a source pointer that references a null value. 
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19. (original) A NAT system as recited in claim 18, wherein the source pointer 
referencing a null value indicates that the source address of the first subsequently received data 
does not require translation. 

20. (original) A NAT system as recited in claim 19, wherein at least one of the 
processors and memory are further adapted to modify the first binding, wherein the first binding 
is modified and the second binding is formed by: 

creating a second entry in the first table that includes a second identifier for both 
the first source address and the second public address, a destination pointer that references 
information on how to translate a destination address of a second subsequently received data 
from the second public address into the DNS payload address, and a source pointer that 
references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table that includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
information on how to translate a destination address of a third subsequently received data from 
the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 

21. (original) A NAT system as recited in claim 20, wherein the destination and 
source pointers each reference a pair having a private address of a particular interface and a 
corresponding public address, wherein the pair provide pre-translation and post- translation 
addresses for a particular source or destination address. 

22. (original) A NAT system as recited in claim 14, wherein at least one of the 
processors and memory are further adapted to track which interfaces may communicate with 
which other interfaces. 



10/026,272 



9 



23. (original) A NAT system as recited in claim 22, wherein tracking is 
accomplished by setting up or dismantling one or more groups that each define which interfaces 
may communicate with each other. 

24. (original) A NAT system as recited in claim 23, wherein at least one of the 
processors and memory are further adapted to select a pool of public addresses for each group. 

25. (previously presented) A computer program product for performing network 
address translation on data, the computer program product comprising: 

at least one computer readable medium; 

computer program instructions stored within the at least one computer readable 
product configured to cause a network address translation system to: 

receive a first data having a first source address and a first destination 

address, wherein the first data is sent by a first node in a first domain to a second 

node in a second domain, and wherein the first data is received into a first 

interface associated with the first domain and output from a second interface 

associated with the second domain, and wherein the first domain differs from the 

second domain; 

obtain routing information for the first data; 

if the first source address is a private address and if a binding between the 
first source address, the first interface, and a first public address is found, translate 
the first source address into the first public address specified by the found binding 
prior to sending the first data to the second domain destination; 

if the first source address is a private address and if a binding between the 
first source address, the first interface, and a first public address is not found, 
translate the first source address into a selected public address and form and store 
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a first binding between the first source address, the selected public address, and 
the first interface, wherein the translation is performed prior to sending the first 
data to the second domain destination; 

if a destination binding between the first destination address, a first private 
address, and the second interface is found, translate the first destination address 
into the first private address specified by the destination binding, wherein the 
translation of the first destination address is performed prior to sending the first 
data out the second interface to the second node; and 

send the first data to the second node based on the routing information. 

26. (previously presented) A computer program product as recited in claim 25, 
wherein when the first data has a DNS payload, one or more memory, wherein the computer 
program instructions are further configured to cause the network address translation system to 

translate the DNS payload of the first data into a second public address, wherein 
the translation of the first destination address is performed prior to sending the first data to the 
second node; and 

form a second binding between the DNS payload address, the second public 
address, and the first interface. 

27. (cancelled) 

28. (original) A computer program product as recited in claim 25, wherein the first data 
is a DNS request, wherein the computer program instructions are further configured to cause the 
network address translation system to 

receive a second data after the first data, wherein the second data has a 
second source address, a second destination address, and a DNS payload address, 
wherein the second data is sent by a third node in the second domain to the first 
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node in the first domain, and wherein the second data is a DNS reply received into 
a the second interface and output from the first interface; 

obtain routing information for the second data; 

translate the DNS payload address into a second public address and 
forming a second binding between the DNS payload address, the second public 
address, and the second interface, wherein the translation is performed prior to 
sending the second data out the first interface to the first node; and 

send the second data to the first node based on the routing information 
obtained for the second data. 

29. (original) A computer program product as recited in claim 28, wherein the 
first binding between the first source address, the first public address, and the first interface is 
formed by creating a first entry in a first table that includes a first identifier for both the first 
public address and the first destination address, a destination pointer that references information 
on how to translate a destination address of a first subsequently received data from the first 
public address to the first source address, and a source pointer that references a null value. 

30. (original) A computer program product as recited in claim 29, wherein the 
source pointer referencing a null value indicates that the source address of the first subsequently 
received data does not require translation. 

31. (original) A computer program product as recited in claim 30, wherein the 
computer program instructions are further configured to cause the network address translation 
system to modify the first binding, wherein the first binding is modified and the second binding 
is formed by: 

creating a second entry in the first table that includes a second identifier for both 
the first source address and the second public address, a destination pointer that references 
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information on how to translate a destination address of a second subsequently received data 
from the second public address into the DNS payload address, and a source pointer that 
references information on how to translate a source address of the same second subsequently 
received data from the first source address into the first public address; and 

creating a third entry in the first table that includes a third identifier for both the 
DNS payload address and the first public address, a destination pointer that references 
information on how to translate a destination address of a third subsequently received data from 
the first public address into the first source address, and a source pointer that references 
information on how to translate a source address of the third subsequently received data from the 
DNS payload address into the second public address. 

32. (original) A computer program product as recited in claim 31, wherein the 
destination and source pointers each reference a pair having a private address of a particular 
interface and a corresponding public address, wherein the pair provide pre-translation and post- 
translation addresses for a particular source or destination address. 

33. (original) A computer program product as recited in claim 25, wherein the 
computer program instructions are further configured to cause the network address translation 
system to track which interfaces may communicate with which other interfaces. 

34. (original) A computer program product as recited in claim 33, wherein 
tracking is accomplished by setting up or dismantling one or more groups that each define which 
interfaces may communicate with each other. 

35. (original) A computer program product as recited in claim 34, wherein the 
computer program instructions are further configured to cause the network address translation 
system to select a pool of public addresses for each group. 

36. (previously presented) An apparatus for performing network address translation on 
data, the apparatus comprising: 
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means for receiving a first data having a first source address and a first 
destination address, wherein the first data is sent by a first node in a first domain 
to a second node in a second domain, and wherein the first data is received into a 
first interface associated with the first domain and output from a second interface 
associated with the second domain, and wherein the first domain differs from the 
second domain; 

means for obtaining routing information for the first data; 

means for, if the first source address is a private address and if a binding 
between the first source address, the first interface, and a first public address is 
found, translating the first source address into the first public address specified by 
the found binding prior to sending the first data to the second domain destination; 

means for translating the first source address into a selected public address 
and forming a first binding between the first source address, the selected public 
address, and the first interface if the first source address is a private address and if 
a binding between the first source address, the first interface, and a first public 
address is not found, wherein the translation is performed prior to sending the first 
data to the second domain destination; 

means for translating the first destination address into the first private 
address specified by the destination binding if a destination binding between the 
first destination address, a first private address, and the second interface is found, 
wherein the translation of the first destination address is performed prior to 
sending the first data out the second interface to the second node; and 

means for sending the first data to the second node based on the routing 
information. 
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37. (previously presented) An apparatus as recited in claim 36, wherein the first data is 
a DNS request, the apparatus further comprising: 

means for receiving a second data after the first data, wherein the second 
data has a second source address, a second destination address, and a DNS 
pay load address, wherein the second data is sent by a third node in the second 
domain to the first node in the first domain, and wherein the second data is a DNS 
reply received into a the second interface and output from the first interface; 

means for obtaining routing information for the second data; 

means for translating the DNS payload address into a second public 
address and forming a second binding between the DNS payload address, the 
second public address, and the second interface, wherein the translation is 
performed prior to sending the second data out the first interface to the first node; 
and 

means for sending the second data to the first node based on the routing 
information obtained for the second data. 

38. (previously presented) A NAT system as recited in claim 14, wherein at least one 
of the processors and memory are further adapted to: 

receive a second data having a second source address and a second 
destination address, wherein the second data is sent by a third node in a third 
domain to a fourth node in a fourth domain, and wherein the first data is received 
into a third interface associated with the third domain and output from a fourth 
interface associated with the fourth domain, and wherein the third domain differs 
from the first domain but the second source address is the same as the first source 
address; 

obtain routing information for the second data; 
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if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is 
found, translate the second source address into the second public address specified 
by the found binding prior to sending the second data from the fourth domain 
interface; 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is not 
found, translate the second source address into a selected public address and form 
and store a second binding between the second source address, the selected public 
address, and the third interface, wherein the translation is performed prior to 
sending the second data from the fourth interface; 

if a second destination binding between the second destination address, a 
second private address, and the fourth interface is found, translate the second 
destination address into the second private address specified by the second 
destination binding, wherein the translation of the second destination address is 
performed prior to sending the second data out the fourth interface to the fourth 
node; and 

send the second data to the fourth node based on the routing information. 

39. (previously presented) A computer program product as recited in claim 25, the 
computer program instructions stored within the at least one computer readable product further 
configured to cause the network address translation system to: 

receive a second data having a second source address and a second 
destination address, wherein the second data is sent by a third node in a third 
domain to a fourth node in a fourth domain, and wherein the first data is received 
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into a third interface associated with the third domain and output from a fourth 
interface associated with the fourth domain, and wherein the third domain differs 
from the first domain but the second source address is the same as the first source 
address; 

obtain routing information for the second data; 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is 
found, translate the second source address into the second public address specified 
by the found binding prior to sending the second data from the fourth domain 
interface; 

if the second source address is a private address and if a binding between 
the second source address, the third interface, and a second public address is not 
found, translate the second source address into a selected public address and form 
and store a second binding between the second source address, the selected public 
address, and the third interface, wherein the translation is performed prior to 
sending the second data from the fourth interface; 

if a second destination binding between the second destination address, a 
second private address, and the fourth interface is found, translate the second 
destination address into the second private address specified by the second 
destination binding, wherein the translation of the second destination address is 
performed prior to sending the second data out the fourth interface to the fourth 
node; and 

send the second data to the fourth node based on the routing information. 
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